Hitting Above The Security Mendoza Line

A few years ago Alex Hutton coined the term Security Mendoza Line. It was in reference to Mario Mendoza the baseball player often used as a baseline for how well a player must hit in order to stay in the major leagues and not be demoted. Keeping up with the attacks automated within Metasploit can […]

Read more

Security Organizational Behaviour – making people part of the solution

Why technology and process don’t solve the problem alone and how to make security part of the normal pattern of behaviour for your organization. Instead of assuming that “humans are the weakest link” this talk will show how to make people the first line of defence and make them an asset, instead of a liability.

Read more

Incident Response Kung fu: Tree Style

Preparation, Identification, Containment, Eradication, Recovery and Follow-up are nice to say and do – but how does one actually investigate an incident. Jason has been working on a methodology for the past 4 years while being exposed to incidents in a high value institution. In an effort to continue fine tune, Jason wants to present […]

Read more

OSSAMS, Security Testing Automation and Reporting

This presentation will discuss the options available to automate the conduct of vulnerability assessment and penetration testing engagements, and the reporting processes. The most important parts of running a security test are following a consistent methodology, utilizing the appropriate tools and their configuration, data management, getting accurate results, manual validation, and standardized reporting. The goal […]

Read more

Cubical Warfare, The next Arms Race

Cubical warfare is currently in an up raise. One Nerf gun can cause an arms race escalating beyond current weaponry either from common concept of High Performance Culture, to downright nastiness of co-workers. My goal is to educate attendees to take normal run-of-the-mill soft dart weapons, and make them into weapons of mass pain. Topics […]

Read more

Disc Detainer Locks

This talk will explain disc detainer locks from their basic function to the highest security models. We will examine their emergence in various world markets, particularly their recent emergence in the North America. Schuyler will demonstrate known vulnerabilities from picking, to impressioning to low-cost key duplication. The goal of this talk is to introduce audience […]

Read more

64-bit Imports Rebuilding and Unpacking

64-bit malware are coming! 64-bit malware are coming! I’ve been repeating this for the last 2 years; it’s not tinfoil hat talk anymore. With 64-bit packers and protectors being released, there is presently a growing need to create new tools to facilitate the manual unpacking process for malware analysis and to make it as trivial […]

Read more

Securing your network with open-source technologies and standard protocols: Tips & Tricks

We continually are asked “Does your product work with VPN X?”. This is the wrong question. The right question is whether any product on your network supports the authentication protocol you have chosen as a standard. Once you decide on a standard, the world opens up to you. Specifically, the world of open source software. […]

Read more

Cloud definitions you’ve been pretending to understand

We’ve all heard talks where we nodded in agreement with the speaker when he or she launched into jargon we didn’t comprehend. In this talk Jack, assisted by sock puppets, will explain common cloud computing terminology and discuss some common misconceptions about cloud computing.

Read more

Building your own secure U3 launchable Windows forensic toolkit

This toolset attempts to provide a easy to use U3 drive to gather forensic data from a windows computer. The entire toolset is located on the read-only portion of the U3 drive, and reports are writen to the writeable portion.

Read more

BLINDELEPHANT: Web Application Fingerprinting with Static Files

Well-known web applications are used for many purposes such as blogging, forums, e-commerce, database management, email and myriad others. Vulnerabilities in these applications (and their plugins) are discovered at an accelerated rate and are abused for site defacement and increasingly to serve malware. Website administrators need to keep track of the versions of these web […]

Read more

Fuzzing Proprietary Protocols – A Practical Approach

Proprietary protocols are commonly used in industrial environments and are hard to fuzz. Often, one product like a railway control centre communicates over more than 10 proprietary protocols. Usually, external attackers do not have the specifications of the protocols to write suitable fuzzers. The same applies to internal penetration testers. Even with the specifications, time […]

Read more

OMG-WTF-PDF

Ambiguities in the PDF specification means that no two PDF parsers will see a file in the same way. This leads to many opportunities for exploit obfuscation.  PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. [Well except […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required